UNIRAS Brief - 970/05 - Four Fedora Update Notifications:
- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 970/05 dated 21.11.05 Time: 13:15
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------
Title
=====
Four Fedora Update Notifications:
1. FEDORA-2005-1086 - Fedora Core 3 - gdk-pixbuf
2. FEDORA-2005-1087 - Fedora Core 3 - gtk2
3. FEDORA-2005-1085 - Fedora Core 4 - gdk-pixbuf
4. FEDORA-2005-1088 - Fedora Core 4 - gtk2
Detail
======
1. The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.
2. GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.
3. The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.
4. GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.
1.
- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1086
2005-11-15
- ---------------------------------------------------------------------
Product : Fedora Core 3
Name : gdk-pixbuf
Version : 0.22.0
Release : 16.fc3.3
Summary : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.
- ---------------------------------------------------------------------
Update Information:
The gdk-pixbuf package contains an image loading library
used with the GNOME GUI desktop environment.
A bug was found in the way gdk-pixbuf processes XPM images.
An attacker could create a carefully crafted XPM file in
such a way that it could cause an application linked with
gdk-pixbuf to execute arbitrary code when the file was
opened by a victim. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-3186 to this issue.
Ludwig Nussel discovered an integer overflow bug in the way
gdk-pixbuf processes XPM images. An attacker could create a
carefully crafted XPM file in such a way that it could cause
an application linked with gdk-pixbuf to execute arbitrary
code or crash when the file was opened by a victim. The
Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-2976 to this issue.
Ludwig Nussel also discovered an infinite-loop denial of
service bug in the way gdk-pixbuf processes XPM images. An
attacker could create a carefully crafted XPM file in such a
way that it could cause an application linked with
gdk-pixbuf to stop responding when the file was opened by a
victim. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-2975 to this issue.
Users of gdk-pixbuf are advised to upgrade to these updated
packages, which contain backported patches and are not
vulnerable to these issues.
- ---------------------------------------------------------------------
* Mon Oct 31 2005 Matthias Clasen <mclasen@xxxxxxxxxx> - 1:0.22.0-16.fc3.3
- Prevent another integer overflow in the xpm loader (#171901, CVE-2005-2976)
- Prevent an infinite loop in the xpm loader (#171901, CVE-2005-2976)
* Wed Oct 19 2005 Matthias Clasen <mclasen@xxxxxxxxxx> - 1:0.22.0-16.fc3.2
- Prevent an integer overflow in the xpm loader (#171073, CVE-2005-3186)
- Backport the noexecstack patch from FC-4
- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------
2.
- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1087
2005-11-15
- ---------------------------------------------------------------------
Product : Fedora Core 3
Name : gtk2
Version : 2.4.14
Release : 4.fc3.3
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description :
GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.
- ---------------------------------------------------------------------
Update Information:
The gtk2 package contains the GIMP ToolKit (GTK+), a library
for creating graphical user interfaces for the X Window System.
A bug was found in the way gtk2 processes XPM images. An
attacker could create a carefully crafted XPM file in such a
way that it could cause an application linked with gtk2 to
execute arbitrary code when the file was opened by a victim.
The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-3186 to this issue.
Ludwig Nussel discovered an infinite-loop denial of service
bug in the way gtk2 processes XPM images. An attacker could
create a carefully crafted XPM file in such a way that it
could cause an application linked with gtk2 to stop
responding when the file was opened by a victim. The Common
Vulnerabilities and Exposures project has assigned the name
CVE-2005-2975 to this issue.
Users of gtk2 are advised to upgrade to these updated
packages, which contain backported patches and are not
vulnerable to these issues.
- ---------------------------------------------------------------------
* Mon Oct 31 2005 Matthias Clasen <mclasen@xxxxxxxxxx> - 2.4.14-3.fc3.3
- Prevent an infinite loop in the xpm loader (#171905, CVE-2005-2975)
* Wed Oct 19 2005 Matthias Clasen <mclasen@xxxxxxxxxx> - 2.4.14-3.fc3.1
- Prevent an integer overflow in the xpm loader (#171072, CAN-2005-3186)
- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------
3.
- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1085
2005-11-15
- ---------------------------------------------------------------------
Product : Fedora Core 4
Name : gdk-pixbuf
Version : 0.22.0
Release : 18.fc4.2
Summary : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.
- ---------------------------------------------------------------------
Update Information:
The gdk-pixbuf package contains an image loading library
used with the GNOME GUI desktop environment.
A bug was found in the way gdk-pixbuf processes XPM images.
An attacker could create a carefully crafted XPM file in
such a way that it could cause an application linked with
gdk-pixbuf to execute arbitrary code when the file was
opened by a victim. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-3186 to this issue.
Ludwig Nussel discovered an integer overflow bug in the way
gdk-pixbuf processes XPM images. An attacker could create a
carefully crafted XPM file in such a way that it could cause
an application linked with gdk-pixbuf to execute arbitrary
code or crash when the file was opened by a victim. The
Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-2976 to this issue.
Ludwig Nussel also discovered an infinite-loop denial of
service bug in the way gdk-pixbuf processes XPM images. An
attacker could create a carefully crafted XPM file in such a
way that it could cause an application linked with
gdk-pixbuf to stop responding when the file was opened by a
victim. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-2975 to this issue.
Users of gdk-pixbuf are advised to upgrade to these updated
packages, which contain backported patches and are not
vulnerable to these issues.
- ---------------------------------------------------------------------
* Mon Oct 31 2005 Matthias Clasen <mclasen@xxxxxxxxxx> - 1:0.22.0-18.fc4.2
- Prevent another integer overflow in the xpm loader (#171901, CVE-2005-2976)
- Prevent an infinite loop in the xpm loader (#171901, CVE-2005-2976)
* Wed Oct 19 2005 Matthias Clasen <mclasen@xxxxxxxxxx> - 1:0.22.0-18.fc4.1
- Prevent an integer overflow in the xpm loader (#171073, CVE-2005-3186)
- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------
4.
- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1088
2005-11-15
- ---------------------------------------------------------------------
Product : Fedora Core 4
Name : gtk2
Version : 2.6.10
Release : 2.fc4.4
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X.
Description :
GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.
- ---------------------------------------------------------------------
Update Information:
The gtk2 package contains the GIMP ToolKit (GTK+), a library
for creating graphical user interfaces for the X Window System.
A bug was found in the way gtk2 processes XPM images. An
attacker could create a carefully crafted XPM file in such a
way that it could cause an application linked with gtk2 to
execute arbitrary code when the file was opened by a victim.
The Common Vulnerabilities and Exposures project has
assigned the name CVE-2005-3186 to this issue.
Ludwig Nussel discovered an infinite-loop denial of service
bug in the way gtk2 processes XPM images. An attacker could
create a carefully crafted XPM file in such a way that it
could cause an application linked with gtk2 to stop
responding when the file was opened by a victim. The Common
Vulnerabilities and Exposures project has assigned the name
CVE-2005-2975 to this issue.
Users of gtk2 are advised to upgrade to these updated
packages, which contain backported patches and are not
vulnerable to these issues.
- ---------------------------------------------------------------------
* Mon Oct 31 2005 Matthias Clasen <mclasen@xxxxxxxxxx> - 2.6.10-2.fc4.4
- Prevent an infinite loop in the xpm loader (#171905, CVE-2005-2975)
* Wed Oct 19 2005 Matthias Clasen <mclasen@xxxxxxxxxx> - 2.6.10-2.fc4.2
- Prevent an integer overflow in the xpm loader (#171075, CAN-2005-3186)
- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via
EMail to: uniras@xxxxxxxxxxxx
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Fedora for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
Neither UNIRAS nor NISCC shall accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
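
Added example (not part of the UNIRAS briefing or of Fedora's tooling): a small audit that flags hosts still running gdk-pixbuf or gtk2 builds older than the fixed releases named in the four notifications above. The host names and inventory are constructed, the comparison is a simplified form of RPM's version ordering, and package epochs are ignored as an assumption.

```python
import re

# Fixed version-release per (product, package), copied from the four
# notifications in this briefing.
FIXED = {
    ("Fedora Core 3", "gdk-pixbuf"): "0.22.0-16.fc3.3",
    ("Fedora Core 3", "gtk2"): "2.4.14-4.fc3.3",
    ("Fedora Core 4", "gdk-pixbuf"): "0.22.0-18.fc4.2",
    ("Fedora Core 4", "gtk2"): "2.6.10-2.fc4.4",
}

def _segments(s):
    # Runs of digits and runs of letters are the units RPM compares.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp: return -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(inventory):
    """inventory: iterable of (host, product, package, 'version-release')."""
    findings = []
    for host, product, pkg, installed in inventory:
        fixed = FIXED.get((product, pkg))
        if fixed and evr_cmp(installed, fixed) < 0:
            findings.append((host, pkg, installed, fixed))
    return findings

# Constructed sample inventory, e.g. gathered per host with
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' gdk-pixbuf gtk2
SAMPLE = [
    ("ws01", "Fedora Core 3", "gdk-pixbuf", "0.22.0-16.fc3.2"),
    ("ws01", "Fedora Core 3", "gtk2", "2.4.14-4.fc3.3"),
    ("ws02", "Fedora Core 4", "gtk2", "2.6.10-2.fc4.2"),
    ("ws03", "Fedora Core 4", "gdk-pixbuf", "0.22.0-18.fc4.2"),
]

if __name__ == "__main__":
    for host, pkg, installed, fixed in audit(SAMPLE):
        print(f"{host}: {pkg} {installed} is older than fixed {fixed}")
```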